Enterprise identity management systems use internationally recognized and widely adopted identity management protocols. Mature enterprise software often supports standard international protocols to facilitate integration with a customer's own Identity Provider (IdP). In this context, IDaaS functions as the IdP.
Procedure
You can configure single sign-on in IDaaS for any application that supports standard protocols.
Go to Applications and click Add Application.
Select the Standard Protocols tab. Based on your requirements, select a Security Assertion Markup Language (SAML) 2.0 application or an OpenID Connect (OIDC) application. Click Add Application to begin the configuration.
Advantages of using standard protocols
For applications, supporting standard protocols provides the following benefits:
Maturity: Support for standard identity protocols is a key indicator of a mature enterprise application.
Versatility: Supporting standard protocols avoids lock-in to a specific enterprise account system. Integrating with a standard protocol allows customers to choose the most suitable identity provider.
Security: Self-developed protocols are more likely to have security vulnerabilities. In contrast, international standard protocols undergo a rigorous publishing process, cover a wide range of scenarios, and provide robust security.
Integrating with a standard protocol is a quick process. If you are an enterprise application vendor and want to integrate with standard protocols, you can contact us for assistance. We can also list your enterprise application in the IDaaS marketplace to provide targeted public exposure.
Standard protocols supported by IDaaS
| Standard protocol | Description |
| --- | --- |
| OIDC | Published in 2014, the OpenID Connect (OIDC) protocol provides the best configuration, integration experience, and performance in modern identity systems. It adds an |
| SAML 2.0 | Published in 2005, SAML 2.0 is still the most common single sign-on protocol in the world. Most mature enterprise applications support SAML integration. For historical reasons, its underlying layer is implemented based on XML, which makes it less adaptable in some edge scenarios. |
| OAuth 2.0 | Published in 2012, OAuth 2.0 (RFC 6749) is the most common delegated authorization protocol. The protocol distinguishes between the authorization server (AS) and the resource server (RS), and is lightweight and flexible. Common features such as logging on with WeChat or scanning a QR code to log on with DingTalk are implemented using the OAuth 2.0 protocol. The capabilities of the OIDC protocol include those of the OAuth protocol. In IDaaS, you can use the OIDC protocol to replace the functions of the OAuth protocol. |
| CAS | Central Authentication Service (CAS) 3.0 was published in 2013. CAS was developed and is maintained by Yale University and is supported by many applications. |
You can check whether an application supports standard single sign-on protocols by searching a search engine or the application's documentation for its name followed by "single sign-on", or for "application_name SSO". If the application supports standard protocols, you can submit a request to us, and we will list the application in the Application Marketplace for you and other customers to use.